Open code423n4 opened 2 years ago
Handle
gzeon
Vulnerability details
Impact
There is no slippage control on deposit of IbbtcVaultZap.sol, which exposes users to sandwich attacks.
Proof of Concept
https://github.com/Badger-Finance/badger-ibbtc-utility-zaps/blob/6f700995129182fec81b772f97abab9977b46026/contracts/IbbtcVaultZap.sol#L174
Any deposit can be sandwiched, especially when the pool is not balanced.
Tools Used
Recommended Mitigation Steps
Add a _minOut in line with the mint function of other contracts, and pass it as a parameter on L174
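The effect of the recommended `_minOut` check, as an added example that is not part of the report or of the Badger code base: a small model of a deposit executed against a pool whose balance shifted after the user was quoted. The two-asset, fee-free constant-product pool, the 0.5% tolerance and all names and numbers are assumptions made for illustration; the real zap deposits into a different pool type.

```python
from math import isqrt

class SlippageExceeded(Exception):
    """Stands in for the revert that a `require(out >= _minOut)` would cause."""

class Pool:
    """Constructed two-asset constant-product pool without fees (assumption)."""
    def __init__(self, x, y, supply):
        self.x, self.y, self.supply = x, y, supply

    def quote_deposit(self, dx):
        # LP tokens minted for a single-sided deposit of dx of asset X:
        # supply grows in proportion to the growth of sqrt(x * y).
        k0 = isqrt(self.x * self.y)
        k1 = isqrt((self.x + dx) * self.y)
        return self.supply * (k1 - k0) // k0

    def trade_x_for_y(self, dx):
        # Any trade that lands before the deposit and shifts the pool balance.
        k = self.x * self.y
        self.x += dx
        self.y = -(-k // self.x)  # round up so the invariant never shrinks

    def deposit(self, dx, min_out=0):
        out = self.quote_deposit(dx)
        if out < min_out:
            raise SlippageExceeded(f"minted {out} < min_out {min_out}")
        self.x += dx
        self.supply += out
        return out

def demo():
    dx = 10_000
    quoted = Pool(1_000_000, 1_000_000, 1_000_000).quote_deposit(dx)
    min_out = quoted * 995 // 1000       # caller tolerates 0.5% slippage
    unprotected = Pool(1_000_000, 1_000_000, 1_000_000)
    unprotected.trade_x_for_y(200_000)   # pool is imbalanced at execution time
    got = unprotected.deposit(dx)        # min_out=0 accepts any amount
    protected = Pool(1_000_000, 1_000_000, 1_000_000)
    protected.trade_x_for_y(200_000)
    try:
        protected.deposit(dx, min_out)
        reverted = False
    except SlippageExceeded:
        reverted = True
    return quoted, min_out, got, reverted

if __name__ == "__main__":
    print(demo())
```

Without a minimum the deposit silently settles for roughly 17% fewer LP tokens than quoted; with the minimum the transaction reverts and the depositor keeps the funds.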